Internet Draft Mark Bakke Jim Muchow Expires April 2002 Cisco Systems Marjorie Krueger Hewlett-Packard Tom McSweeney IBM October 2001 Definitions of Managed Objects for iSCSI 1. Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. 1.1. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. 2. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP based internets. Bakke, Muchow Expires April 2002 [Page 1] Internet Draft iSCSI MIB October 2001 In particular it defines objects for managing a client using the iSCSI (SCSI over TCP) protocol. It is meant to match the latest version of iSCSI defined in [ISCSI]. 3. Acknowledgments In addition to the authors, several people contributed to the development of this MIB. Thanks especially to those who took the time to participate in our weekly conference calls to build our requirements, object models, table structures, and attributes: John Hufferd, Tom McSweeney (IBM), Kevin Gibbons (Nishan Systems), Chad Gregory (Intel), Jack Harwood (EMC), Hari Mudaliar (Adaptec), Ie Wei Njoo (Agilent), Lawrence Lamers (SAN Valley), Satish Mali (Stonefly Networks), and William Terrell (Troika). Special thanks to Tom McSweeney, Ie Wei Njoo, and Kevin Gibbons, who wrote the descriptions for many of the tables and attributes in this MIB, and to Keith McCloghrie for serving as advisor to the team. 4. The SNMP Management Framework The SNMP Management Framework presently consists of five major components: o An overall architecture, described in RFC 2571 [RFC2571]. o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215 [RFC1215]. The second version, called SMIv2, is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [RFC1157]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and RFC 1906 [RFC1906]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [RFC1157]. A second set of Bakke, Muchow Expires April 2002 [Page 2] Internet Draft iSCSI MIB October 2001 protocol operations and associated PDU formats is described in RFC 1905 [RFC1905]. o A set of fundamental applications described in RFC 2573 [RFC2573] and the view-based access control mechanism described in RFC 2575 [RFC2575]. A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [RFC2570]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB. All the MIB objects defined in this MIB have at most a read-only MAX- ACCESS clause, i.e., none are writable. This is a conscious decision by the working group to limit this MIB's scope. It is possible that this restriction could be lifted after implementation experience, by means of additional tables (using the AUGMENTS clause) for configuration and extended entity information. WORK - Update the above to reflect our writable attributes 5. Relationship to Other MIBs The iSCSI MIB is layered between the SCSI MIB [SCSI-MIB] (work in progress) and the TCP MIB [RFC2012], and provides attributes that can be used to relate its objects to objects in the SCSI and TCP MIBs. Each iSCSI initiator and target is related to one SCSI initiator or target, and each iSCSI connection is related to one TCP connection. 6. Discussion This MIB structure is intended to satisfy fault, performance, and security management for an iSCSI implementation. It is structured around the well-known iSCSI objects, such as targets, initiators, Bakke, Muchow Expires April 2002 [Page 3] Internet Draft iSCSI MIB October 2001 sessions, connections, and the like. It is worthwhile to note that this is an iSCSI MIB and as such reflects only iSCSI objects (real or virtual). This means that this MIB will not directly deal with real SCSI objects or the SCSI protocol in general. This are represented within the SCSI MIB (work in progress) The iSCSI MIB consists of eight "objects", each of which is represented by one or more tables. This section contains a brief description of the "object" hierarchy and a description of each object, followed by a discussion of the actual SNMP table structure within the objects. 6.1. iSCSI MIB Object Model The top-level object in this structure is the iSCSI instance, which "contains" all of the other objects. iscsiInstance -- A distinct iSCSI entity within the managed system. -- Most implementations will have just one of these. iscsiTargetPortal -- An IP Address and TCP Port pair on which this instance is -- listening for connections to its targets. iscsiInitiatorPortal -- An IP Address from which this instance can make connections -- to other targets. iscsiSession -- An active iSCSI session between an initiator and a target. -- The session's direction may be Inbound (outside initiator to -- our target) or Outbound (our initiator to an outside target). iscsiConnection -- An active TCP connection within an iSCSI session iscsiTarget -- An iSCSI target to which this iSCSI instance is providing -- access. iscsiAccessList -- A list of initiators that are allowed access to this -- target. iscsiInitiator -- An iSCSI initiator, used by this iSCSI instance to access -- iSCSI targets. An Instance can contain Initiators, Targets, or both. Multiple InitiatorPortals and TargetPortals may be present; the MIB assumes that any Target may be accessed via any TargetPortal, although other access controls not reflected in the MIB might limit this. Bakke, Muchow Expires April 2002 [Page 4] Internet Draft iSCSI MIB October 2001 Logical Units and LUNs are SCSI-level entities, which will be covered in a separate SCSI MIB. 6.2. iSCSI MIB Table Structure Each iSCSI "object" is comprised of one or more tables: an attributes table, and zero or more statistics tables which augment the attributes table. Since iSCSI is an evolving standard, it is much cleaner to separate statistics and attributes into separate tables, instead of putting them all into the same table. This allows attributes and statistics to be added independently, without mixing them and making them appear messy. In a few cases, there are multiple categories of statistics that will likely grow; in this case, an object will contain multiple statistics tables. iscsiObjects iscsiDescriptors iscsiInstance iscsiInstanceAttributesTable iscsiInstanceSsnErrorStatsTable -- Counts abnormal session terminations iscsiTargetPortal iscsiTgtPortalAttributesTable iscsiInitiatorPortal iscsiIntrPortalAttributesTable iscsiSession iscsiSessionAttributesTable iscsiSessionStatsTable -- Performance-related counts (total requests, responses, bytes) iscsiSessionCxnErrorStatsTable -- Counts digest errors, connection errors, etc. iscsiConnection iscsiConnectionAttributesTable iscsiTarget iscsiTargetAttributesTable iscsiTargetLoginStatsTable -- Counts successful and unsuccessful logins iscsiTargetLogoutStatsTable -- Counts normal and abnormal logouts iscsiAccessList iscsiAccessListAttributesTable iscsiInitiator iscsiInitiatorAttributesTable iscsiInitiatorLoginStatsTable -- Counts successful and unsuccessful logins iscsiInitiatorLogoutStatsTable -- Counts normal and abnormal logouts Bakke, Muchow Expires April 2002 [Page 5] Internet Draft iSCSI MIB October 2001 Note that this MIB does not attempt to count everything that could be counted; it is designed to include only those counters that would be useful for identifying performance, security, and fault problems from a management station. 6.3. iscsiInstance The iscsiInstanceAttributesTable is the primary table of the iSCSI MIB. Every table entry in this MIB is "owned" by exactly one iSCSI instance; all other table entries in the MIB include this table's index as their primary index. Most implementations will include just one iSCSI instance row in this table. However, this table exists to allow for multiple virtual instances. For example, many IP routing products now allow multiple virtual routers. The iSCSI MIB has the same premise; a large system could be "partitioned" into multiple, distinct virtual systems. This also allows a single SNMP agent to represent multiple subsystems, perhaps a set of stackable devices, each of which have one or even more instances. In an iSCSI host, it allows multiple vendors' implementations to co-exist under a single SNMP agent; each could have its own instance. A scalar predecessor of the table called the iscsiInstanceNumber denotes the number of instances or rows in the iscsiInstanceAttributesTable. Each row also contains similar "Number" or instance counts for the various rows of the sub-tables that are derived from this table. The instance attributes include the iSCSI vendor and version, as well as information on the last target or initiator at the other end of a session that caused a session failure. The iscsiInstanceSsnErrorStatsTable augments the attributes table, and provides statistics on session failures due to digest, connection, or iSCSI format errors. 6.4. iscsiTargetPortal The iscsiTargetPortalAttributesTable lists local sockets on which the iSCSI instance is listening for incoming connections to its targets. This table contains the local IP address, TCP (or other protocol) port, and IP protocol (for now, just TCP) on which the socket is listening. It also includes a portal group aggregation tag; iSCSI target ports within this instance sharing the same tag can contain connections within the same session. Bakke, Muchow Expires April 2002 [Page 6] Internet Draft iSCSI MIB October 2001 This table will usually be empty for iSCSI instances that contain only initiators (such as iSCSI host driver implementations). 6.5. iscsiInitiatorPortal The iscsiInitiatorPortalAttributesTable lists the IP addresses from which the iSCSI instance may initiate connections to other targets. Each entry in this table contains a local IP address and IP protocol (for now, just TCP), and a portal group aggregation tag, indicating which portals an initiator may use together within a multiple- connection session. This table will usually be empty for iSCSI instances that contain only targets (such as most iSCSI devices). 6.6. iscsiSession The iscsiSessionAttributesTable contains a set of rows that list the sessions known to be existing locally for each iSCSI instance. The session type for each session indicates whether the session is used for normal SCSI commands or for discovery using the SendTargets text command. The session direction for each session indicates whether it is an Inbound Session or an Outbound Session. Inbound sessions are from some other initiator to a target within this iSCSI instance; Outbound sessions are from our initiator to a target outside this iSCSI instance. An inbound session may be correlated with its local target using the iscsiSsnTarget attribute of the session; the InitiatorName indicates the "other end", in some other entity. Similarly, an outbound session may be associated with its local initiator using the iscsiSsnInitiator; in this case, the TargetName indicates the other end. Many attributes may be negotiated when starting an iSCSI session. Most of these attributes are included in the session object. Some attributes, such as the integrity and authentication schemes, have some standard values which can be extended by vendors to include their own schemes. These contain an object identifier, rather than the expected enumerated type, to allow these values to be extended by other MIBs, such as a enterprise MIBs. The iscsiSessionStatsTable includes statistics related to Bakke, Muchow Expires April 2002 [Page 7] Internet Draft iSCSI MIB October 2001 performance; counting iSCSI data bytes and PDUs. For implementations that support error recovery without terminating a session, the iscsiSessionCxnErrorStatsTable contains counters for the numbers of digest and connection errors that have occurred within the session. 6.7. iscsiConnection The iscsiConnectionAttributesTable contains a list of active connections within each session. It contains the IP addresses and TCP (or other protocol) ports of both the local and remote side of the connection. These may be used to locate other connection-related information and statistics in the TCP MIB [RFC 2012]. The attributes table also contains a connection state. This state is not meant to directly map to the state tables included within the iSCSI specification; they are meant to be simplified, higher-level definitions of connection state that provide information more useful to a user or network manager. No statistics are kept for connections. 6.8. iscsiTarget The iscsiTargetAttributesTable contains a list of iSCSI targets which may be accessed through the iSCSI instance. This table contains the target's iSCSI Name, alias string, and some attributes used to indicate the last failure that was (or should have been) sent as a notification or trap. This table is augmented by the iscsiTargetLoginStatsTable and the iscsiTargetLogoutStatsTable, which count the numbers of normal and abnormal logins and logouts to this target. 6.9. iscsiAccessList The iscsiAccessListAttributesTable contains an entry for each initiator that is allowed to access the target under which it appears. If a target allows access to any initiator, an AccessListAttributesEntry with the initiator's iSCSI name should be used. This table does not cover all possible access control schemes that a vendor could implement. If access to an initiator cannot be determined just by its iSCSI name, an implementation may either include a single entry per target with the initiator name "iscsi", or may choose to place no entries in this table. Bakke, Muchow Expires April 2002 [Page 8] Internet Draft iSCSI MIB October 2001 No statistics are provided for access list entries. 6.10. iscsiInitiator The iscsiInitiatorAttributesTable contains a list of iSCSI initiators which are used by this iSCSI instance to access targets. Most implementations will include a single entry in this table, regardless of the number of physical interfaces the initiator may use. This table's attributes include the initiator's iSCSI name and alias string. This table is augmented by the iscsiInitiatorLoginStatsTable and the iscsiInitiatorLogoutStatsTable, which count the numbers of normal and abnormal logins and logouts to this target. 6.11. IP Addresses and TCP Port Numbers The IP addresses in this MIB are represented by two attributes, one of type InetAddressType, and the other of type InetAddress. These are taken from [IPV6MIB], which is an update to [RFC2851] specifying how to support addresses that may be either IPv4 or IPv6. The TCP port numbers that appear in a few of the structures are described as simply port numbers, with a protocol attribute indicating whether they are TCP ports, or something else. This will allow the MIB to be compatible with iSCSI over transports other than TCP in the future. 6.12. Descriptors: Using OIDs in Place of Enumerated Types The iSCSI MIB has a few attributes, such as the authentication and digest method attributes, where an enumerated type would work well, except that an implementation may need to extend the attribute and add types of its own. To make this work, the MIB defines a set of object identities within iscsiDescriptors. Each of these object identities is basically an enumerated type. Attributes that make use of these object identities have a value which is an OID instead of an enumerated type. These OIDs can either indicate the object identities defined in this MIB, or object identities defined elsewhere, such as in an enterprise MIB. Those implementations that add their own authentication and digest methods should also define a corresponding object identity for each of these methods within their own enterprise MIB, and return its OID whenever one of these attributes is using that method. Bakke, Muchow Expires April 2002 [Page 9] Internet Draft iSCSI MIB October 2001 6.13. Notifications Three notifications are provided. One is sent by an initiator detecting a critical login failure; another is sent by a target detecting a critical login failure, and the third is sent upon a session being terminated due to an abnormal connection or digest failure. Critical failures are defined as those that may expose security-related problems that may require immediate action, such as failures due to authentication, authorization, or negotiation problems. Attributes in the initiator, target, and instance objects provide the information necessary to send in the notification, such as the initiator or target name and IP address at the other end that may have caused the failure. To avoid sending an excessive number of notifications due to multiple errors counted, an SNMP agent implementing the iSCSI MIB should not send more than three iSCSI notifications in any 10-second period. The 3-in-10 rule was chosen because one notification every three seconds was deemed often enough, but should two or three different notifications happen at the same time, it would not be desirable to suppress them. Three notifications in ten seconds is a happy medium, where a short burst of notifications is allowed, without inundating the network and/or trap host with a large number of notifications. Bakke, Muchow Expires April 2002 [Page 10] Internet Draft iSCSI MIB October 2001 7. MIB Definitions ISCSI-MIB DEFINITIONS ::= BEGIN -- 10/24-2001 changes -- 1) New Session Attributes -- -- 2) still 1 TBDs buried below (just do a editor search) IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE, Unsigned32, Counter32, Counter64, Gauge32, experimental FROM SNMPv2-SMI TEXTUAL-CONVENTION, TruthValue, VariablePointer, TimeStamp, AutonomousType FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC 2571 -- These are from draft-ietf-ops-rfc2851-update-00.txt -- You will have to work out the details with your own -- compiler being because they are so new. InetAddressType, InetAddress FROM INET-ADDRESS-MIB ; iscsiModule MODULE-IDENTITY LAST-UPDATED "000108160000Z" ORGANIZATION "IETF IPS Working Group" CONTACT-INFO " Mark Bakke Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: mbakke@cisco.com Bakke, Muchow Expires April 2002 [Page 11] Internet Draft iSCSI MIB October 2001 Marjorie Krueger Postal: Hewlett-Packard Networked Storage Architecture Networked Storage Solutions Org. 8000 Foothills Blvd. Roseville, CA 95747 Tel: +1 916-785-2656 Tel: +1 916-785-0391 Email: marjorie_krueger@hp.com Jim Muchow Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: jmuchow@cisco.com" DESCRIPTION "The iSCSI Protocol MIB module." REVISION "000108160000Z" -- August 16, 2001 DESCRIPTION "Initial revision published as RFC xxxx." ::= { mib-2 xx } -- to be assigned by IANA. -- ::= { experimental 9999 } -- in case you want to COMPILE iscsiObjects OBJECT IDENTIFIER ::= { iscsiModule 1 } iscsiNotifications OBJECT IDENTIFIER ::= { iscsiModule 2 } iscsiConformance OBJECT IDENTIFIER ::= { iscsiModule 3 } -- Textual Conventions IscsiTransportProtocols ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "This data type is used to define the transport protocols that will carry iSCSI PDUs." REFERENCE "RFC791, RFC1700 Bakke, Muchow Expires April 2002 [Page 12] Internet Draft iSCSI MIB October 2001 The presently known, officially delegated numbers can be found at: http://www.iana.org/assignments/protocol-numbers " SYNTAX INTEGER (0..255) ------------------------------------------------------------------------ iscsiDescriptors OBJECT IDENTIFIER ::= { iscsiObjects 1 } iscsiHeaderIntegrityTypes OBJECT IDENTIFIER ::= { iscsiDescriptors 1 } iscsiHdrIntegrityNone OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when no integrity scheme (for either the header or data) is being used." REFERENCE "iSCSI Protocol Specification." ::= { iscsiHeaderIntegrityTypes 1 } iscsiHdrIntegrityCrc32c OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the integrity scheme (for either the header or data) is CRC-32c." REFERENCE "iSCSI Protocol Specification." ::= { iscsiHeaderIntegrityTypes 2 } iscsiDataIntegrityTypes OBJECT IDENTIFIER ::= { iscsiDescriptors 2 } iscsiDataIntegrityNone OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when no integrity scheme (for either the header or data) is being used." REFERENCE "iSCSI Protocol Specification." ::= { iscsiDataIntegrityTypes 1 } iscsiDataIntegrityCrc32c OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the integrity scheme (for either the header or data) is CRC-32c." REFERENCE "iSCSI Protocol Specification." ::= { iscsiDataIntegrityTypes 2 } Bakke, Muchow Expires April 2002 [Page 13] Internet Draft iSCSI MIB October 2001 iscsiAuthMethodTypes OBJECT IDENTIFIER ::= { iscsiDescriptors 3 } iscsiAuthMethodNone OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when no authentication method is use." REFERENCE "iSCSI Protocol Specification." ::= { iscsiAuthMethodTypes 1 } iscsiAuthMethodSrp OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the authentication method is SRP." REFERENCE "iSCSI Protocol Specification." ::= { iscsiAuthMethodTypes 2 } iscsiAuthMethodChap OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the authentication method is CHAP." REFERENCE "iSCSI Protocol Specification." ::= { iscsiAuthMethodTypes 3 } iscsiAuthMethodKrb5 OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the authentication method is KRB-5." REFERENCE "iSCSI Protocol Specification." ::= { iscsiAuthMethodTypes 4 } iscsiAuthMethodSpkm1 OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the authentication method is SPKM-1." REFERENCE "iSCSI Protocol Specification." ::= { iscsiAuthMethodTypes 5 } iscsiAuthMethodSpkm2 OBJECT-IDENTITY STATUS current DESCRIPTION "The authoritative identifier when the authentication method is SPKM-2." REFERENCE "iSCSI Protocol Specification." Bakke, Muchow Expires April 2002 [Page 14] Internet Draft iSCSI MIB October 2001 ::= { iscsiAuthMethodTypes 6 } ---------------------------------------------------------------------- iscsiInstance OBJECT IDENTIFIER ::= { iscsiObjects 2 } iscsiInstanceNumber OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiInstanceAttributesTable." ::= { iscsiInstance 1 } -- Instance Attributes Table iscsiInstanceAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInstanceAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of iSCSI instances present on the system." ::= { iscsiInstance 2 } iscsiInstanceAttributesEntry OBJECT-TYPE SYNTAX IscsiInstanceAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing managment information applicable to a particular iSCSI instance." INDEX { iscsiInstIndex } ::= { iscsiInstanceAttributesTable 1 } IscsiInstanceAttributesEntry ::= SEQUENCE { iscsiInstIndex Unsigned32, iscsiInstDescr SnmpAdminString, iscsiInstVersionMin INTEGER, iscsiInstVersionMax INTEGER, iscsiInstVendorID SnmpAdminString, iscsiInstVendorVersion SnmpAdminString, iscsiInstTargetPortalNumber Unsigned32, iscsiInstInitiatorPortalNumber Unsigned32, iscsiInstSessionNumber Unsigned32, iscsiInstTargetNumber Unsigned32, iscsiInstInitiatorNumber Unsigned32, iscsiInstSsnFailures Counter32, iscsiInstLastSsnFailureType AutonomousType, Bakke, Muchow Expires April 2002 [Page 15] Internet Draft iSCSI MIB October 2001 iscsiInstLastSsnRmtNodeName SnmpAdminString } iscsiInstIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular ISCSI instance." ::= { iscsiInstanceAttributesEntry 1 } iscsiInstDescr OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string, determined by the implementation to describe the iSCSI instance. When only a single instance is present, this object may be set to the zero-length string; with multiple iSCSI instances, it may be used in an implementation-dependent manner to describe the purpose of the respective instance." ::= { iscsiInstanceAttributesEntry 2 } iscsiInstVersionMin OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Minimum version number of the iSCSI specification supported by this instance." ::= { iscsiInstanceAttributesEntry 3 } iscsiInstVersionMax OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Maximum version number of the iSCSI specification supported by this instance." ::= { iscsiInstanceAttributesEntry 4 } iscsiInstVendorID OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string describing the manufacturer of the Bakke, Muchow Expires April 2002 [Page 16] Internet Draft iSCSI MIB October 2001 implementation of this instance." ::= { iscsiInstanceAttributesEntry 5 } iscsiInstVendorVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string set by the manufacturer describing the verison of the implementation of this instance. The format of this string is determined solely by the manufacturer, and is for informational purposes only. It is unrelated to the iSCSI specification version numbers." ::= { iscsiInstanceAttributesEntry 6 } iscsiInstTargetPortalNumber OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) UNITS "transport endpoints" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiTargetPortalAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 7 } iscsiInstInitiatorPortalNumber OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) UNITS "Internet Network Addresses" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiIntrPortalAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 8 } iscsiInstSessionNumber OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiSessionAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 9 } iscsiInstTargetNumber OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) UNITS "targets" Bakke, Muchow Expires April 2002 [Page 17] Internet Draft iSCSI MIB October 2001 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiTargetAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 10 } iscsiInstInitiatorNumber OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) UNITS "initiators" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rows in the iscsiInitiatorAttributesTable which are currently associated with this iSCSI instance." ::= { iscsiInstanceAttributesEntry 11 } iscsiInstSsnFailures OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times a session belonging to this instance has been failed." ::= { iscsiInstanceAttributesEntry 12 } iscsiInstLastSsnFailureType OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "The counter object in the iscsiInstSsnErrorStatsTable that was incremented when the last session failure occurred. If the reason for failure is not found in the iscsiInstSsnErrorStatsTable, the value { 0.0 } is used instead." ::= { iscsiInstanceAttributesEntry 13 } iscsiInstLastSsnRmtNodeName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string describing the name of the remote node from the failed session." ::= { iscsiInstanceAttributesEntry 14 } Bakke, Muchow Expires April 2002 [Page 18] Internet Draft iSCSI MIB October 2001 -- Instance Session Failure Stats Table iscsiInstanceSsnErrorStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInstanceSsnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of error types that will cause a session failure." ::= { iscsiInstance 3 } iscsiInstanceSsnErrorStatsEntry OBJECT-TYPE SYNTAX IscsiInstanceSsnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing managment information applicable to a particular iSCSI instance." AUGMENTS { iscsiInstanceAttributesEntry } ::= { iscsiInstanceSsnErrorStatsTable 1 } IscsiInstanceSsnErrorStatsEntry ::= SEQUENCE { iscsiInstSsnDigestErrors Counter32, iscsiInstSsnCxnTimeoutErrors Counter32, iscsiInstSsnFormatErrors Counter32 } iscsiInstSsnDigestErrors OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of sessions which were failed due to receipt of a PDU containing header or data digest errors." ::= { iscsiInstanceSsnErrorStatsEntry 1 } iscsiInstSsnCxnTimeoutErrors OBJECT-TYPE SYNTAX Counter32 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of sessions which were failed due to a sequence exceeding a time limit." ::= { iscsiInstanceSsnErrorStatsEntry 2 } iscsiInstSsnFormatErrors OBJECT-TYPE SYNTAX Counter32 Bakke, Muchow Expires April 2002 [Page 19] Internet Draft iSCSI MIB October 2001 UNITS "sessions" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of sessions which were failed due to receipt of a PDU which contained a format error." ::= { iscsiInstanceSsnErrorStatsEntry 3 } ---------------------------------------------------------------------- iscsiTargetPortal OBJECT IDENTIFIER ::= { iscsiObjects 3 } -- Target Portal Attributes Table iscsiTgtPortalAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTgtPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of transport endpoints (using TCP or another transport protocol) on which this iSCSI instance listens for incoming connections to its targets." ::= { iscsiTargetPortal 1 } iscsiTgtPortalAttributesEntry OBJECT-TYPE SYNTAX IscsiTgtPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing managment information applicable to a particular target portal instance." INDEX { iscsiInstIndex, iscsiTgtPortalIndex } ::= { iscsiTgtPortalAttributesTable 1 } IscsiTgtPortalAttributesEntry ::= SEQUENCE { iscsiTgtPortalIndex Unsigned32, iscsiTgtPortalAddrType InetAddressType, iscsiTgtPortalAddr InetAddress, iscsiTgtPortalProtocol IscsiTransportProtocols, iscsiTgtPortalPort Unsigned32, iscsiTgtPortalTag INTEGER } iscsiTgtPortalIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION Bakke, Muchow Expires April 2002 [Page 20] Internet Draft iSCSI MIB October 2001 "An arbitrary integer used to uniquely identify a particular transport endpoint within this iSCSI instance." ::= { iscsiTgtPortalAttributesEntry 1 } iscsiTgtPortalAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address in the iscsiTgtPortalAddr." ::= { iscsiTgtPortalAttributesEntry 2 } iscsiTgtPortalAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The portal's Internet Network Address." ::= { iscsiTgtPortalAttributesEntry 3 } iscsiTgtPortalProtocol OBJECT-TYPE SYNTAX IscsiTransportProtocols MAX-ACCESS read-only STATUS current DESCRIPTION "The portal's transport protocol." DEFVAL { 6 } -- TCP ::= { iscsiTgtPortalAttributesEntry 4 } iscsiTgtPortalPort OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The portal's transport protocol port number." ::= { iscsiTgtPortalAttributesEntry 5 } iscsiTgtPortalTag OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The portal's aggregation tag. Multiple-connection sessions may be aggregated over portals sharing an identical aggregation tag." ::= { iscsiTgtPortalAttributesEntry 6 } ---------------------------------------------------------------------- Bakke, Muchow Expires April 2002 [Page 21] Internet Draft iSCSI MIB October 2001 iscsiInitiatorPortal OBJECT IDENTIFIER ::= { iscsiObjects 4 } -- Initiator Portal Attributes Table iscsiIntrPortalAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiIntrPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Internet Network Addresses (using TCP or another transport protocol) from which this iSCSI instance may initiate connections to other targets." ::= { iscsiInitiatorPortal 1 } iscsiIntrPortalAttributesEntry OBJECT-TYPE SYNTAX IscsiIntrPortalAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing managment information applicable to a particular initiator portal instance." INDEX { iscsiInstIndex, iscsiIntrPortalIndex } ::= { iscsiIntrPortalAttributesTable 1 } IscsiIntrPortalAttributesEntry ::= SEQUENCE { iscsiIntrPortalIndex Unsigned32, iscsiIntrPortalAddrType InetAddressType, iscsiIntrPortalAddr InetAddress, iscsiIntrPortalProtocol IscsiTransportProtocols, iscsiIntrPortalTag INTEGER } iscsiIntrPortalIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular initiator portal instance within an iSCSI instance present on the node." ::= { iscsiIntrPortalAttributesEntry 1 } iscsiIntrPortalAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address in iscsiIntrPortalAddr." Bakke, Muchow Expires April 2002 [Page 22] Internet Draft iSCSI MIB October 2001 ::= { iscsiIntrPortalAttributesEntry 2 } iscsiIntrPortalAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The portal's Internet Network Address." ::= { iscsiIntrPortalAttributesEntry 3 } iscsiIntrPortalProtocol OBJECT-TYPE SYNTAX IscsiTransportProtocols MAX-ACCESS read-only STATUS current DESCRIPTION "The portal's transport protocol." DEFVAL { 6 } -- TCP ::= { iscsiIntrPortalAttributesEntry 4 } iscsiIntrPortalTag OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The portal's aggregation tag. Multiple-connection sessions may be aggregated over portals sharing an identical aggregation tag." ::= { iscsiIntrPortalAttributesEntry 6 } ---------------------------------------------------------------------- iscsiSession OBJECT IDENTIFIER ::= { iscsiObjects 5 } -- Session Attributes Table iscsiSessionAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiSessionAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of sessions belonging to each iSCSI instance present on the system." ::= { iscsiSession 1 } iscsiSessionAttributesEntry OBJECT-TYPE SYNTAX IscsiSessionAttributesEntry MAX-ACCESS not-accessible STATUS current Bakke, Muchow Expires April 2002 [Page 23] Internet Draft iSCSI MIB October 2001 DESCRIPTION "An entry (row) containing managment information applicable to a particular session." INDEX { iscsiInstIndex, iscsiSsnIndex } ::= { iscsiSessionAttributesTable 1 } IscsiSessionAttributesEntry ::= SEQUENCE { iscsiSsnIndex Unsigned32, iscsiSsnDirection INTEGER, iscsiSsnTarget VariablePointer, iscsiSsnInitiatorName SnmpAdminString, iscsiSsnInitiator VariablePointer, iscsiSsnTargetName SnmpAdminString, iscsiSsnTsid INTEGER, iscsiSsnIsid INTEGER, iscsiSsnInitiatorAlias SnmpAdminString, iscsiSsnTargetAlias SnmpAdminString, iscsiSsnInitialR2t TruthValue, iscsiSsnBidiInitialR2t TruthValue, iscsiSsnImmediateData TruthValue, iscsiSsnType INTEGER, iscsiSsnMaxOutstandingR2t INTEGER, iscsiSsnDataPduLength INTEGER, iscsiSsnFirstBurstSize INTEGER, iscsiSsnMaxBurstSize INTEGER, iscsiSsnConnectionNumber Gauge32, iscsiSsnMaxConnections Gauge32, iscsiSsnHeaderIntegrity AutonomousType, iscsiSsnDataIntegrity AutonomousType, iscsiSsnAuthMethod AutonomousType, iscsiSsnDataSequenceInOrder TruthValue, iscsiSsnDataPduInOrder TruthValue, iscsiSsnLogoutLoginMaxTime INTEGER, iscsiSsnErrorRecoveryLevel INTEGER } iscsiSsnIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular session within an iSCSI instance present on the node." ::= { iscsiSessionAttributesEntry 1 } iscsiSsnDirection OBJECT-TYPE SYNTAX INTEGER { inboundSession(1), Bakke, Muchow Expires April 2002 [Page 24] Internet Draft iSCSI MIB October 2001 outboundSession(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Direction of iSCSI session: InboundSession - session is established from an external initiator to a target within this iSCSI instance. OutboundSession - session is established from an initiator within this iSCSI instance to an external target." ::= { iscsiSessionAttributesEntry 2 } iscsiSsnTarget OBJECT-TYPE SYNTAX VariablePointer MAX-ACCESS read-only STATUS current DESCRIPTION "If iscsiSsnDirection is Inbound, this object will point to the appropriate row in the iscsiTarget table. If iscsiSsnDirection is Outbound, this object will contain { 0.0 }." ::= { iscsiSessionAttributesEntry 3 } iscsiSsnInitiatorName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "If iscsiSsnDirection is Inbound, this object is an octet string that will contain the name of the remote initiator. If iscsiSsnDirection is Outbound, this object will contain a zero-length string." ::= { iscsiSessionAttributesEntry 4 } iscsiSsnInitiator OBJECT-TYPE SYNTAX VariablePointer MAX-ACCESS read-only STATUS current DESCRIPTION "If iscsiSsnDirection is Outbound, this object will point to the appropriate row in the iscsiInitiator table. Bakke, Muchow Expires April 2002 [Page 25] Internet Draft iSCSI MIB October 2001 If iscsiSsnDirection is Inbound, this object will contain { 0.0 }." ::= { iscsiSessionAttributesEntry 5 } iscsiSsnTargetName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "If iscsiSsnDirection is Outbound, this object is an octet string that will contain the name of the remote target. If iscsiSsnDirection is Inbound, this object will contain a zero-length string." ::= { iscsiSessionAttributesEntry 6 } iscsiSsnTsid OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The target-defined portion of the iSCSI Session ID." ::= { iscsiSessionAttributesEntry 7 } iscsiSsnIsid OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The initiator-defined portion of the iSCSI Session ID." ::= { iscsiSessionAttributesEntry 8 } iscsiSsnInitiatorAlias OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string that gives the alias communicated by the initiator end of the session during the login phase. If no alias exists, the value is a zero-length string." ::= { iscsiSessionAttributesEntry 9 } iscsiSsnTargetAlias OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only Bakke, Muchow Expires April 2002 [Page 26] Internet Draft iSCSI MIB October 2001 STATUS current DESCRIPTION "An octet string that gives the alias communicated by the target end of the session during the login phase. If no alias exists, the value is a zero-length string." ::= { iscsiSessionAttributesEntry 10 } iscsiSsnInitialR2t OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "If set to true, indicates that the initiator must wait for an R2T before sending to the target. If set to false, the initiator may send data immediately, within limits set by iscsiSsnFirstBurstSize and the expected data transfer length of the request. Default is true." ::= { iscsiSessionAttributesEntry 11 } iscsiSsnBidiInitialR2t OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "If set to true, indicates that the initiator must wait for an R2T before sending data to the target within a bi-directional (both read and write) request. If false, the initiator may send unsolicited write data as part of the request." ::= { iscsiSessionAttributesEntry 12 } iscsiSsnImmediateData OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether the initiator and target have agreed to support immediate commands on this session." ::= { iscsiSessionAttributesEntry 13 } iscsiSsnType OBJECT-TYPE SYNTAX INTEGER { normalSession(1), discoverySession(2) } Bakke, Muchow Expires April 2002 [Page 27] Internet Draft iSCSI MIB October 2001 MAX-ACCESS read-only STATUS current DESCRIPTION "Type of iSCSI session: normalSession - session is a normal iSCSI session discoverySession - session is being used only for discovery." ::= { iscsiSessionAttributesEntry 14 } iscsiSsnMaxOutstandingR2t OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of outstanding request-to-transmit (R2T)s per task within this session." ::= { iscsiSessionAttributesEntry 15 } iscsiSsnDataPduLength OBJECT-TYPE SYNTAX INTEGER (0..33553920) UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum data payload size supported for command or data PDUs within this session. Note that the size of reported in bytes even though the negotiation is in 512k blocks." ::= { iscsiSessionAttributesEntry 16 } iscsiSsnFirstBurstSize OBJECT-TYPE SYNTAX INTEGER (0..8388480) UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum length supported for unsolicited data sent within this session. Note that the size of reported in bytes even though the negotiation is in 512k blocks." ::= { iscsiSessionAttributesEntry 17 } iscsiSsnMaxBurstSize OBJECT-TYPE SYNTAX INTEGER (0..33553920) UNITS "bytes" MAX-ACCESS read-only STATUS current Bakke, Muchow Expires April 2002 [Page 28] Internet Draft iSCSI MIB October 2001 DESCRIPTION "The maximum number of bytes which can be sent within a single sequence of Data-In or Data-Out PDUs." ::= { iscsiSessionAttributesEntry 18 } iscsiSsnConnectionNumber OBJECT-TYPE SYNTAX Gauge32 (1..65535) UNITS "connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of transport protocol connections that currently belong to this session." ::= { iscsiSessionAttributesEntry 19 } iscsiSsnMaxConnections OBJECT-TYPE SYNTAX Gauge32 (1..65535) UNITS "connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of connections that will be allowed within this session." ::= { iscsiSessionAttributesEntry 20 } iscsiSsnHeaderIntegrity OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains an OBJECT IDENTIFIER which identifies the iSCSI header digest scheme in use within this session. Some standardized values for this object are defined within the iscsiHeaderIntegrityTypes subtree." ::= { iscsiSessionAttributesEntry 21 } iscsiSsnDataIntegrity OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains an OBJECT IDENTIFIER which identifies the iSCSI data digest scheme in use within this session. Some standardized values for this object are defined Bakke, Muchow Expires April 2002 [Page 29] Internet Draft iSCSI MIB October 2001 within the iscsiDataIntegrityTypes subtree." ::= { iscsiSessionAttributesEntry 22 } iscsiSsnAuthMethod OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains an OBJECT IDENTIFIER which identifies the authentication method being used on this session, as communicated during the login phase. Some standardized values for this object are defined within the iscsiAuthMethods subtree." ::= { iscsiSessionAttributesEntry 23 } iscsiSsnDataSequenceInOrder OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "False indicates that iSCSI data PDU sequences may be transferred in any order. True indicates that data PDU sequences must be tranferred using continuously increasing offsets, except during error recovery." ::= { iscsiSessionAttributesEntry 24 } iscsiSsnDataPduInOrder OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "False indicates that iSCSI data PDUs within sequences may be in any order. True indicates that data PDUs within sequences must be at continuously increasing addresses, with no gaps or overlay between PDUs. Default is true." ::= { iscsiSessionAttributesEntry 25 } iscsiSsnLogoutLoginMaxTime OBJECT-TYPE SYNTAX INTEGER (2..2600) MAX-ACCESS read-only STATUS current DESCRIPTION "The time, in seconds, for which the target will Bakke, Muchow Expires April 2002 [Page 30] Internet Draft iSCSI MIB October 2001 keep connection and session state for possible recovery after a connection termination or reset." ::= { iscsiSessionAttributesEntry 26 } iscsiSsnErrorRecoveryLevel OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The level of error recovery negotiated between the initiator and the target. Higher numbers represent more detailed recovery schemes." ::= { iscsiSessionAttributesEntry 27 } -- Session Stats Table iscsiSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of general iSCSI traffic counters for each of the sessions present on the system." ::= { iscsiSession 2 } iscsiSessionStatsEntry OBJECT-TYPE SYNTAX IscsiSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing general iSCSI traffic counters for a particular session." AUGMENTS { iscsiSessionAttributesEntry } ::= { iscsiSessionStatsTable 1 } IscsiSessionStatsEntry ::= SEQUENCE { iscsiSsnCmdPdus Counter32, iscsiSsnRspPdus Counter32, iscsiSsnTxDataOctets Counter64, iscsiSsnRxDataOctets Counter64 } iscsiSsnCmdPdus OBJECT-TYPE SYNTAX Counter32 UNITS "PDUs" MAX-ACCESS read-only STATUS current DESCRIPTION Bakke, Muchow Expires April 2002 [Page 31] Internet Draft iSCSI MIB October 2001 "The count of Command PDUs transferred on this session." ::= { iscsiSessionStatsEntry 1 } iscsiSsnRspPdus OBJECT-TYPE SYNTAX Counter32 UNITS "PDUs" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Response PDUs transferred on this session." ::= { iscsiSessionStatsEntry 2 } iscsiSsnTxDataOctets OBJECT-TYPE SYNTAX Counter64 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of data octets that were transmitted by the local iSCSI node on this session." ::= { iscsiSessionStatsEntry 3 } iscsiSsnRxDataOctets OBJECT-TYPE SYNTAX Counter64 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of data octets that were received by the local iSCSI node on this session." ::= { iscsiSessionStatsEntry 4 } -- Session Connection Error Stats Table iscsiSessionCxnErrorStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiSessionCxnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of error counters for each of the sessions present on this system." ::= { iscsiSession 3 } iscsiSessionCxnErrorStatsEntry OBJECT-TYPE SYNTAX IscsiSessionCxnErrorStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Bakke, Muchow Expires April 2002 [Page 32] Internet Draft iSCSI MIB October 2001 "An entry (row) containing error counters for a particular session." AUGMENTS { iscsiSessionAttributesEntry } ::= { iscsiSessionCxnErrorStatsTable 1 } IscsiSessionCxnErrorStatsEntry ::= SEQUENCE { iscsiSsnDigestErrors Counter32, iscsiSsnCxnTimeoutErrors Counter32 } iscsiSsnDigestErrors OBJECT-TYPE SYNTAX Counter32 UNITS "PDUs" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of PDUs which were received on the session and contained header or data digest errors." ::= { iscsiSessionCxnErrorStatsEntry 1 } iscsiSsnCxnTimeoutErrors OBJECT-TYPE SYNTAX Counter32 UNITS "sequences" MAX-ACCESS read-only STATUS current DESCRIPTION -- TBD No resolution yet that I can remember "This is the count of sequences which exceeded their time limit." ::= { iscsiSessionCxnErrorStatsEntry 2 } ---------------------------------------------------------------------- iscsiConnection OBJECT IDENTIFIER ::= { iscsiObjects 6 } -- Connection Attributes Table iscsiConnectionAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiConnectionAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of connections belonging to each iSCSI instance present on the system." ::= { iscsiConnection 1 } iscsiConnectionAttributesEntry OBJECT-TYPE SYNTAX IscsiConnectionAttributesEntry Bakke, Muchow Expires April 2002 [Page 33] Internet Draft iSCSI MIB October 2001 MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing managment information applicable to a particular connection." INDEX { iscsiInstIndex, iscsiSsnIndex, iscsiCxnIndex } ::= { iscsiConnectionAttributesTable 1 } IscsiConnectionAttributesEntry ::= SEQUENCE { iscsiCxnIndex Unsigned32, iscsiCxnCid INTEGER, iscsiCxnState INTEGER, iscsiCxnLocalAddrType InetAddressType, iscsiCxnLocalAddr InetAddress, iscsiCxnProtocol IscsiTransportProtocols, iscsiCxnLocalPort Unsigned32, iscsiCxnRemoteAddrType InetAddressType, iscsiCxnRemoteAddr InetAddress, iscsiCxnRemotePort Unsigned32 } iscsiCxnIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular connection of a particular session within an iSCSI instance present on the node." ::= { iscsiConnectionAttributesEntry 1 } iscsiCxnCid OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The iSCSI Connection ID for this connection." ::= { iscsiConnectionAttributesEntry 2 } iscsiCxnState OBJECT-TYPE SYNTAX INTEGER { login(1), full(2), logout(3) } MAX-ACCESS read-only STATUS current DESCRIPTION Bakke, Muchow Expires April 2002 [Page 34] Internet Draft iSCSI MIB October 2001 "The current state of this connection, from an iSCSI negotiation point of view. Here are the states: login - The transport protocol connection has been established, but a valid iSCSI login response with the final bit set has not been sent or received. full - A valid iSCSI login response with the final bit set has been sent or received. logout - A valid iSCSI logout command has been sent or received, but the transport protocol connection has not yet been closed." ::= { iscsiConnectionAttributesEntry 3 } iscsiCxnLocalAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address in iscsiCxnLocalAddr." ::= { iscsiConnectionAttributesEntry 4 } iscsiCxnLocalAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local Internet Network Address used by this connection." ::= { iscsiConnectionAttributesEntry 5 } iscsiCxnProtocol OBJECT-TYPE SYNTAX IscsiTransportProtocols MAX-ACCESS read-only STATUS current DESCRIPTION "The transport protocol over which this connection is running." DEFVAL { 6 } -- TCP ::= { iscsiConnectionAttributesEntry 6 } iscsiCxnLocalPort OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The local transport protocol port used by this connection." ::= { iscsiConnectionAttributesEntry 7 } iscsiCxnRemoteAddrType OBJECT-TYPE Bakke, Muchow Expires April 2002 [Page 35] Internet Draft iSCSI MIB October 2001 SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address in iscsiCxnRemoteAddr." ::= { iscsiConnectionAttributesEntry 8 } iscsiCxnRemoteAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote Internet Network Address used by this connection." ::= { iscsiConnectionAttributesEntry 9 } iscsiCxnRemotePort OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The remote transport protocol port used by this connection." ::= { iscsiConnectionAttributesEntry 10 } ---------------------------------------------------------------------- iscsiTarget OBJECT IDENTIFIER ::= { iscsiObjects 7 } -- Target Attributes Table iscsiTargetAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTargetAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of targets belonging to each iSCSI instance present on the system." ::= { iscsiTarget 1 } iscsiTargetAttributesEntry OBJECT-TYPE SYNTAX IscsiTargetAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing managment information applicable to a particular target." INDEX { iscsiInstIndex, iscsiTgtIndex } ::= { iscsiTargetAttributesTable 1 } Bakke, Muchow Expires April 2002 [Page 36] Internet Draft iSCSI MIB October 2001 IscsiTargetAttributesEntry ::= SEQUENCE { iscsiTgtIndex Unsigned32, iscsiTgtName SnmpAdminString, iscsiTgtAlias SnmpAdminString, iscsiTgtLoginFailures Counter32, iscsiTgtLastFailureTime TimeStamp, iscsiTgtLastFailureType AutonomousType, iscsiTgtLastIntrFailureName SnmpAdminString, iscsiTgtLastIntrFailureAddrType InetAddressType, iscsiTgtLastIntrFailureAddr InetAddress } iscsiTgtIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular target within an iSCSI instance present on the node." ::= { iscsiTargetAttributesEntry 1 } iscsiTgtName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A character string that is a globally unique identifier for this target. The target name is independent of the location of the target, and can be resolved into a set of addresses through various discovery services." ::= { iscsiTargetAttributesEntry 2 } iscsiTgtAlias OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An character string that is a human-readable name or description of the target. If configured, this alias may be communicated to the initiator during a Login Response message. This string is not used as an identifier, but can be displayed by the initiator's user interface in a list of targets to which it is connected. If no alias is configured, this object is a zero-length string." ::= { iscsiTargetAttributesEntry 3 } Bakke, Muchow Expires April 2002 [Page 37] Internet Draft iSCSI MIB October 2001 iscsiTgtLoginFailures OBJECT-TYPE SYNTAX Counter32 UNITS "failed login attempts" MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times a login attempt to this local target has failed." ::= { iscsiTargetAttributesEntry 4 } iscsiTgtLastFailureTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The timestamp of the most recent failure of a login attempt to this target. A value of zero indicates that no such failures have occurred." ::= { iscsiTargetAttributesEntry 5 } iscsiTgtLastFailureType OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the most recent failure of a login attempt to this target, represented as the OID of the counter object in iscsiTargetLoginStatsTable for which the relevant instance was incremented. A value of 0.0 indicates a type which is not represented by any of the counters in iscsiTargetLoginStatsTable." ::= { iscsiTargetAttributesEntry 6 } iscsiTgtLastIntrFailureName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string giving the name of the initiator that failed the last login attempt." ::= { iscsiTargetAttributesEntry 7 } iscsiTgtLastIntrFailureAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address in Bakke, Muchow Expires April 2002 [Page 38] Internet Draft iSCSI MIB October 2001 iscsiTgtLastIntrFailureAddr." ::= { iscsiTargetAttributesEntry 8 } iscsiTgtLastIntrFailureAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "An Internet Network Address giving the host address of the initiator that failed the last login attempt." ::= { iscsiTargetAttributesEntry 9 } -- Target Login Stats Table iscsiTargetLoginStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTargetLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of counters which keep a record of the results of initiators' login attempts to this target." ::= { iscsiTarget 2 } iscsiTargetLoginStatsEntry OBJECT-TYPE SYNTAX IscsiTargetLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing counters for each result of a login attempt to this target." AUGMENTS { iscsiTargetAttributesEntry } ::= { iscsiTargetLoginStatsTable 1 } IscsiTargetLoginStatsEntry ::= SEQUENCE { iscsiTgtLoginAccepts Counter32, iscsiTgtLoginOtherFails Counter32, iscsiTgtLoginRedirects Counter32, iscsiTgtLoginAuthorizeFails Counter32, iscsiTgtLoginAuthenticateFails Counter32, iscsiTgtLoginNegotiateFails Counter32 } iscsiTgtLoginAccepts OBJECT-TYPE SYNTAX Counter32 UNITS "successful logins" MAX-ACCESS read-only STATUS current DESCRIPTION Bakke, Muchow Expires April 2002 [Page 39] Internet Draft iSCSI MIB October 2001 "The count of Login Response PDUs with status 0x0000, Accept Login, transmitted by this target." ::= { iscsiTargetLoginStatsEntry 1 } iscsiTgtLoginOtherFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Login Response PDUs which were transmitted by this target, and which were not counted by any other object in the row." ::= { iscsiTargetLoginStatsEntry 3 } iscsiTgtLoginRedirects OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status class 0x01, Redirection, transmitted by this target." ::= { iscsiTargetLoginStatsEntry 2 } iscsiTgtLoginAuthorizeFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status 0x0202, Forbidden Target, transmitted by this target. If this counter is incremented, an iscsiTgtLoginFailure notification should be generated." ::= { iscsiTargetLoginStatsEntry 4 } iscsiTgtLoginAuthenticateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status 0x0201, Authentication Failed, transmitted by this target Bakke, Muchow Expires April 2002 [Page 40] Internet Draft iSCSI MIB October 2001 If this counter is incremented, an iscsiTgtLoginFailure notification should be generated." ::= { iscsiTargetLoginStatsEntry 5 } iscsiTgtLoginNegotiateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times a target has effectively refused a login because the parameter negotiation failed. [Ed. While this situation can occur, the exact mechanism is as yet undefined in the iSCSI Protocol Spec.] If this counter is incremented, an iscsiTgtLoginFailure notification should be generated." ::= { iscsiTargetLoginStatsEntry 6 } -- Target Logout Stats Table iscsiTargetLogoutStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiTargetLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "When a target receives a Logout command, it responds with a Logout Response that carries a status code. This table contains counters for both normal and abnormal logout requests received by this target." ::= { iscsiTarget 3 } iscsiTargetLogoutStatsEntry OBJECT-TYPE SYNTAX IscsiTargetLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing counters of Logout Response PDUs that were received by this target." AUGMENTS { iscsiTargetAttributesEntry } ::= { iscsiTargetLogoutStatsTable 1 } IscsiTargetLogoutStatsEntry ::= SEQUENCE { iscsiTgtLogoutNormals Counter32, iscsiTgtLogoutOthers Counter32 } iscsiTgtLogoutNormals OBJECT-TYPE Bakke, Muchow Expires April 2002 [Page 41] Internet Draft iSCSI MIB October 2001 SYNTAX Counter32 UNITS "normal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs received by this target, with reason code 0 (closes the session)." ::= { iscsiTargetLogoutStatsEntry 1 } iscsiTgtLogoutOthers OBJECT-TYPE SYNTAX Counter32 UNITS "abnormal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs received by this target, with any status code other than 0." ::= { iscsiTargetLogoutStatsEntry 2 } ---------------------------------------------------------------------- iscsiAccessList OBJECT IDENTIFIER ::= { iscsiObjects 8 } -- Access List Attributes Table iscsiAccessListAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiAccessListAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of iSCSI initiators which will be granted access to iSCSI resources through targets within the iSCSI instance." ::= { iscsiAccessList 1 } iscsiAccessListAttributesEntry OBJECT-TYPE SYNTAX IscsiAccessListAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing management information applicable to an initiator which is known by a target within an iSCSI instance on this node." INDEX { iscsiInstIndex, iscsiTgtIndex, iscsiALIndex } ::= { iscsiAccessListAttributesTable 1 } IscsiAccessListAttributesEntry ::= SEQUENCE { iscsiALIndex Unsigned32, Bakke, Muchow Expires April 2002 [Page 42] Internet Draft iSCSI MIB October 2001 iscsiALInitiatorName SnmpAdminString } iscsiALIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular Access List instance of a particular target within an iSCSI instance present on the node." ::= { iscsiAccessListAttributesEntry 1 } iscsiALInitiatorName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string that defines an initiator identified by the key of the Login Command which will be granted access. If this string has the value of 'iscsi', then any initiator may access this target." ::= { iscsiAccessListAttributesEntry 2 } ---------------------------------------------------------------------- iscsiInitiator OBJECT IDENTIFIER ::= { iscsiObjects 9 } -- Initiator Attributes Table iscsiInitiatorAttributesTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInitiatorAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of initiators belonging to each iSCSI instance present on the system." ::= { iscsiInitiator 1 } iscsiInitiatorAttributesEntry OBJECT-TYPE SYNTAX IscsiInitiatorAttributesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing managment information applicable to a particular initiator." INDEX { iscsiInstIndex, iscsiIntrIndex } ::= { iscsiInitiatorAttributesTable 1 } Bakke, Muchow Expires April 2002 [Page 43] Internet Draft iSCSI MIB October 2001 IscsiInitiatorAttributesEntry ::= SEQUENCE { iscsiIntrIndex Unsigned32, iscsiIntrName SnmpAdminString, iscsiIntrAlias SnmpAdminString, iscsiIntrLoginFailures Counter32, iscsiIntrLastFailureTime TimeStamp, iscsiIntrLastFailureType AutonomousType, iscsiIntrLastTgtFailureName SnmpAdminString, iscsiIntrLastTgtFailureAddrType InetAddressType, iscsiIntrLastTgtFailureAddr InetAddress } iscsiIntrIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary integer used to uniquely identify a particular initiator within an iSCSI instance present on the node." ::= { iscsiInitiatorAttributesEntry 1 } iscsiIntrName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A character string that is a globally unique identifier for this initiator. The initiator name is independent of the location of the initiator." ::= { iscsiInitiatorAttributesEntry 2 } iscsiIntrAlias OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A character string that is a human-readable name or description of the initiator. If configured, this initiator alias may be communicated to the target during a Login Request message. This string is not used as an identifier, but can be displayed by the target's user interface in a list of initiators to which it is connected. If no alias is configured, this object is a zero-length string." ::= { iscsiInitiatorAttributesEntry 3 } Bakke, Muchow Expires April 2002 [Page 44] Internet Draft iSCSI MIB October 2001 iscsiIntrLoginFailures OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "This object counts the number of times a login attempt from this local initiator has failed." ::= { iscsiInitiatorAttributesEntry 4 } iscsiIntrLastFailureTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The timestamp of the most recent failure of a login attempt from this initiator. A value of zero indicates that no such failures have occurred." ::= { iscsiInitiatorAttributesEntry 5 } iscsiIntrLastFailureType OBJECT-TYPE SYNTAX AutonomousType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the most recent failure of a login attempt from this initiator, represented as the OID of the counter object in iscsiInitiatorLoginStatsTable for which the relevant instance was incremented. A value of 0.0 indicates a type which is not represented by any of the counters in iscsiInitiatorLoginStatsTable." ::= { iscsiInitiatorAttributesEntry 6 } iscsiIntrLastTgtFailureName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "An octet string giving the name of the target that failed the last login attempt." ::= { iscsiInitiatorAttributesEntry 7 } iscsiIntrLastTgtFailureAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of Internet Network Address in iscsiIntrLastTgtFailureAddr." Bakke, Muchow Expires April 2002 [Page 45] Internet Draft iSCSI MIB October 2001 ::= { iscsiInitiatorAttributesEntry 8 } iscsiIntrLastTgtFailureAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "An Internet Network Address giving the host address of the target that failed the last login attempt." ::= { iscsiInitiatorAttributesEntry 9 } -- Initiator Login Stats Table iscsiInitiatorLoginStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInitiatorLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of counters which keep track of the results of this initiator's login attempts." ::= { iscsiInitiator 2 } iscsiInitiatorLoginStatsEntry OBJECT-TYPE SYNTAX IscsiInitiatorLoginStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing counters of each result of this initiator's login attempts." AUGMENTS { iscsiInitiatorAttributesEntry } ::= { iscsiInitiatorLoginStatsTable 1 } IscsiInitiatorLoginStatsEntry ::= SEQUENCE { iscsiIntrLoginAcceptRsps Counter32, iscsiIntrLoginOtherFailRsps Counter32, iscsiIntrLoginRedirectRsps Counter32, iscsiIntrLoginAuthFailRsps Counter32, iscsiIntrLoginAuthenticateFails Counter32, iscsiIntrLoginNegotiateFails Counter32 } iscsiIntrLoginAcceptRsps OBJECT-TYPE SYNTAX Counter32 UNITS "successful logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status Bakke, Muchow Expires April 2002 [Page 46] Internet Draft iSCSI MIB October 2001 0x0000, Accept Login, received by this initiator." ::= { iscsiInitiatorLoginStatsEntry 1 } iscsiIntrLoginOtherFailRsps OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs received by this initiator with any status code not counted in the objects below." ::= { iscsiInitiatorLoginStatsEntry 2 } iscsiIntrLoginRedirectRsps OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status class 0x01, Redirection, received by this initiator." ::= { iscsiInitiatorLoginStatsEntry 3 } iscsiIntrLoginAuthFailRsps OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Login Response PDUs with status class 0x201, Authentication Failed, received by this initiator." ::= { iscsiInitiatorLoginStatsEntry 4 } iscsiIntrLoginAuthenticateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the initiator has aborted a login because the target could not be authenticated. No response is generated. If this counter is incremented, an iscsiIntrLoginFailure notification should be generated." ::= { iscsiInitiatorLoginStatsEntry 5 } Bakke, Muchow Expires April 2002 [Page 47] Internet Draft iSCSI MIB October 2001 iscsiIntrLoginNegotiateFails OBJECT-TYPE SYNTAX Counter32 UNITS "failed logins" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the initiator has aborted a login because parameter negotiation with the target failed. No response is generated. If this counter is incremented, an iscsiIntrLoginFailure notification should be generated." ::= { iscsiInitiatorLoginStatsEntry 6 } -- Initiator Logout Stats Table iscsiInitiatorLogoutStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IscsiInitiatorLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "When an initiator attempts send a Logout command, the target responds with a Logout Response that carries a status code. This table contains a list of counters of Logout Response PDUs of each status code, that were received by each initiator belonging to this iSCSI instance present on this system." ::= { iscsiInitiator 3 } iscsiInitiatorLogoutStatsEntry OBJECT-TYPE SYNTAX IscsiInitiatorLogoutStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (row) containing counters of Logout Response PDUs of each status code, that were generated by this initiator." AUGMENTS { iscsiInitiatorAttributesEntry } ::= { iscsiInitiatorLogoutStatsTable 1 } IscsiInitiatorLogoutStatsEntry ::= SEQUENCE { iscsiIntrLogoutNormals Counter32, iscsiIntrLogoutOthers Counter32 } iscsiIntrLogoutNormals OBJECT-TYPE Bakke, Muchow Expires April 2002 [Page 48] Internet Draft iSCSI MIB October 2001 SYNTAX Counter32 UNITS "normal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs generated by this initiator with reason code 0 (closes the session)." ::= { iscsiInitiatorLogoutStatsEntry 1 } iscsiIntrLogoutOthers OBJECT-TYPE SYNTAX Counter32 UNITS "abnormal logouts" MAX-ACCESS read-only STATUS current DESCRIPTION "The count of Logout Command PDUs generated by this initiator with any status code other than 0." ::= { iscsiInitiatorLogoutStatsEntry 2 } ------------------------------------------------------------------------ -- Notifications iscsiNotificationsPrefix OBJECT IDENTIFIER ::= { iscsiNotifications 0 } iscsiTgtLoginFailure NOTIFICATION-TYPE OBJECTS { iscsiTgtLoginFailures, iscsiTgtLastFailureType, iscsiTgtLastIntrFailureName, iscsiTgtLastIntrFailureAddrType, iscsiTgtLastIntrFailureAddr } STATUS current DESCRIPTION "Sent when a login is failed by a target. The implementation of this trap should not send more than 3 notifications of this type in any 10 second time span." ::= { iscsiNotificationsPrefix 1 } iscsiIntrLoginFailure NOTIFICATION-TYPE OBJECTS { iscsiIntrLoginFailures, iscsiIntrLastFailureType, iscsiIntrLastTgtFailureName, iscsiIntrLastTgtFailureAddrType, iscsiIntrLastTgtFailureAddr } Bakke, Muchow Expires April 2002 [Page 49] Internet Draft iSCSI MIB October 2001 STATUS current DESCRIPTION "Sent when a login is failed by a initiator. The implementation of this trap should not send more than 3 notifications of this type in any 10 second time span." ::= { iscsiNotificationsPrefix 2 } iscsiInstSessionFailure NOTIFICATION-TYPE OBJECTS { iscsiInstSsnFailures, iscsiInstLastSsnFailureType, iscsiInstLastSsnRmtNodeName } STATUS current DESCRIPTION "Sent when an active session is failed by either the initiator or the target. The implementation of this trap should not send more than 3 notifications of this type in any 10 second time span." ::= { iscsiNotificationsPrefix 3 } ------------------------------------------------------------------------ -- Conformance Statements iscsiGroups OBJECT IDENTIFIER ::= { iscsiConformance 1 } iscsiInstanceAttributesGroup OBJECT-GROUP OBJECTS { iscsiInstanceNumber, iscsiInstDescr, iscsiInstVersionMin, iscsiInstVersionMax, iscsiInstVendorID, iscsiInstVendorVersion, iscsiInstTargetPortalNumber, iscsiInstInitiatorPortalNumber, iscsiInstSessionNumber, iscsiInstTargetNumber, iscsiInstInitiatorNumber, iscsiInstSsnFailures, iscsiInstLastSsnFailureType, iscsiInstLastSsnRmtNodeName } STATUS current DESCRIPTION Bakke, Muchow Expires April 2002 [Page 50] Internet Draft iSCSI MIB October 2001 "A collection of objects providing information about iSCSI instances." ::= { iscsiGroups 1 } iscsiInstanceSsnErrorStatsGroup OBJECT-GROUP OBJECTS { iscsiInstSsnDigestErrors, iscsiInstSsnCxnTimeoutErrors, iscsiInstSsnFormatErrors } STATUS current DESCRIPTION "A collection of objects providing information about errors that have caused a session failure for an iSCSI instance." ::= { iscsiGroups 2 } iscsiTgtPortalAttributesGroup OBJECT-GROUP OBJECTS { iscsiTgtPortalProtocol, iscsiTgtPortalAddrType, iscsiTgtPortalAddr, iscsiTgtPortalPort, iscsiTgtPortalTag } STATUS current DESCRIPTION "A collection of objects providing information about the transport protocol endpoints of the local targets." ::= { iscsiGroups 3 } iscsiIntrPortalAttributesGroup OBJECT-GROUP OBJECTS { iscsiIntrPortalProtocol, iscsiIntrPortalAddrType, iscsiIntrPortalAddr, iscsiIntrPortalTag } STATUS current DESCRIPTION "A collection of objects providing information about the Internet Network Addresses of the local initiators." ::= { iscsiGroups 4 } iscsiSessionAttributesGroup OBJECT-GROUP OBJECTS { iscsiSsnDirection, iscsiSsnTarget, Bakke, Muchow Expires April 2002 [Page 51] Internet Draft iSCSI MIB October 2001 iscsiSsnInitiatorName, iscsiSsnInitiator, iscsiSsnTargetName, iscsiSsnTsid, iscsiSsnIsid, iscsiSsnInitiatorAlias, iscsiSsnTargetAlias, iscsiSsnInitialR2t, iscsiSsnBidiInitialR2t, iscsiSsnImmediateData, iscsiSsnType, iscsiSsnMaxOutstandingR2t, iscsiSsnDataPduLength, iscsiSsnFirstBurstSize, iscsiSsnMaxBurstSize, iscsiSsnConnectionNumber, iscsiSsnMaxConnections, iscsiSsnHeaderIntegrity, iscsiSsnDataIntegrity, iscsiSsnAuthMethod, iscsiSsnDataSequenceInOrder, iscsiSsnDataPduInOrder, iscsiSsnLogoutLoginMaxTime, iscsiSsnErrorRecoveryLevel } STATUS current DESCRIPTION "A collection of objects providing information applicable to all sessions." ::= { iscsiGroups 5 } iscsiSessionStatsGroup OBJECT-GROUP OBJECTS { iscsiSsnCmdPdus, iscsiSsnRspPdus, iscsiSsnTxDataOctets, iscsiSsnRxDataOctets } STATUS current DESCRIPTION "A collection of objects providing information about message and data traffic for all sessions." ::= { iscsiGroups 6 } iscsiSessionCxnErrorStatsGroup OBJECT-GROUP OBJECTS { iscsiSsnDigestErrors, iscsiSsnCxnTimeoutErrors Bakke, Muchow Expires April 2002 [Page 52] Internet Draft iSCSI MIB October 2001 } STATUS current DESCRIPTION "A collection of objects providing information about connection errors for all sessions." ::= { iscsiGroups 7 } iscsiConnectionAttributesGroup OBJECT-GROUP OBJECTS { iscsiCxnCid, iscsiCxnState, iscsiCxnProtocol, iscsiCxnLocalAddrType, iscsiCxnLocalAddr, iscsiCxnLocalPort, iscsiCxnRemoteAddrType, iscsiCxnRemoteAddr, iscsiCxnRemotePort } STATUS current DESCRIPTION "A collection of objects providing information about all connections used by all sessions." ::= { iscsiGroups 8 } iscsiTargetAttributesGroup OBJECT-GROUP OBJECTS { iscsiTgtName, iscsiTgtAlias, iscsiTgtLoginFailures, iscsiTgtLastFailureTime, iscsiTgtLastFailureType, iscsiTgtLastIntrFailureName, iscsiTgtLastIntrFailureAddrType, iscsiTgtLastIntrFailureAddr } STATUS current DESCRIPTION "A collection of objects providing information about all local targets." ::= { iscsiGroups 9 } iscsiTargetLoginStatsGroup OBJECT-GROUP OBJECTS { iscsiTgtLoginAccepts, iscsiTgtLoginOtherFails, iscsiTgtLoginRedirects, iscsiTgtLoginAuthorizeFails, Bakke, Muchow Expires April 2002 [Page 53] Internet Draft iSCSI MIB October 2001 iscsiTgtLoginAuthenticateFails, iscsiTgtLoginNegotiateFails } STATUS current DESCRIPTION "A collection of objects providing information about all login attempts by remote initiators to local targets." ::= { iscsiGroups 10 } iscsiTargetLogoutStatsGroup OBJECT-GROUP OBJECTS { iscsiTgtLogoutNormals, iscsiTgtLogoutOthers } STATUS current DESCRIPTION "A collection of objects providing information about all logout events between remote initiators to local targets." ::= { iscsiGroups 11 } iscsiAccessListAttributesGroup OBJECT-GROUP OBJECTS { iscsiALInitiatorName } STATUS current DESCRIPTION "A collection of objects providing information about all initiators to be granted access." ::= { iscsiGroups 12 } iscsiInitiatorAttributesGroup OBJECT-GROUP OBJECTS { iscsiIntrName, iscsiIntrAlias, iscsiIntrLoginFailures, iscsiIntrLastFailureTime, iscsiIntrLastFailureType, iscsiIntrLastTgtFailureName, iscsiIntrLastTgtFailureAddrType, iscsiIntrLastTgtFailureAddr } STATUS current DESCRIPTION "A collection of objects providing information about all local initiators." ::= { iscsiGroups 13 } iscsiInitiatorLoginStatsGroup OBJECT-GROUP Bakke, Muchow Expires April 2002 [Page 54] Internet Draft iSCSI MIB October 2001 OBJECTS { iscsiIntrLoginAcceptRsps, iscsiIntrLoginOtherFailRsps, iscsiIntrLoginRedirectRsps, iscsiIntrLoginAuthFailRsps, iscsiIntrLoginAuthenticateFails, iscsiIntrLoginNegotiateFails } STATUS current DESCRIPTION "A collection of objects providing information about all login attempts by local initiators to remote targets." ::= { iscsiGroups 14 } iscsiInitiatorLogoutStatsGroup OBJECT-GROUP OBJECTS { iscsiIntrLogoutNormals, iscsiIntrLogoutOthers } STATUS current DESCRIPTION "A collection of objects providing information about all logout events between local initiators to remote targets." ::= { iscsiGroups 15 } iscsiTgtLgnNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { iscsiTgtLoginFailure } STATUS current DESCRIPTION "A collection of notifications which indicate a login failure from a remote initiator to a local target." ::= { iscsiGroups 16 } iscsiIntrLgnNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { iscsiIntrLoginFailure } STATUS current DESCRIPTION "A collection of notifications which indicate a login failure from a local initiator to a remote target." ::= { iscsiGroups 17 } iscsiSsnFlrNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { iscsiInstSessionFailure Bakke, Muchow Expires April 2002 [Page 55] Internet Draft iSCSI MIB October 2001 } STATUS current DESCRIPTION "A collection of notifications which indicate session failures occurring after login." ::= { iscsiGroups 18 } ------------------------------------------------------------------------ iscsiCompliances OBJECT IDENTIFIER ::= { iscsiConformance 2 } iscsiComplianceV1 MODULE-COMPLIANCE STATUS current DESCRIPTION "Initial version of compliance statement based on initial version of MIB. If an implementation can be both a target and an initiator, all groups are mandatory." MODULE -- this module MANDATORY-GROUPS { iscsiInstanceAttributesGroup, iscsiSessionAttributesGroup, iscsiSessionStatsGroup, iscsiSessionCxnErrorStatsGroup, iscsiConnectionAttributesGroup, iscsiSsnFlrNotificationsGroup } -- Conditionally mandatory groups to be included with -- the mandatory groups when the implementation has -- iSCSI target facilities. GROUP iscsiTgtPortalAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiTargetAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiTargetLoginStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." Bakke, Muchow Expires April 2002 [Page 56] Internet Draft iSCSI MIB October 2001 GROUP iscsiTargetLogoutStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiAccessListAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." GROUP iscsiTgtLgnNotificationsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI target facilities." -- Conditionally mandatory groups to be included with -- the mandatory groups when the implementation has -- iSCSI initiator facilities. GROUP iscsiIntrPortalAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiInitiatorAttributesGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiInitiatorLoginStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiInitiatorLogoutStatsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." GROUP iscsiIntrLgnNotificationsGroup DESCRIPTION "This group is mandatory for all iSCSI implementations that have iSCSI initiator facilities." ::= { iscsiCompliances 1 } END Bakke, Muchow Expires April 2002 [Page 57] Internet Draft iSCSI MIB October 2001 8. Security Considerations There are no management objects defined in this MIB that have a MAX- ACCESS clause of read-write and/or read-create. So, if this MIB is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB via direct SNMP SET operations. Information gleaned from this MIB could be used to make connections to the iSCSI targets it represents. However, it is the responsbility of the initiators and targets involved to authenticate each other to ensure that an inappropriately advertised or discovered initiator or target does not compromise their security. These issues are discussed in [ISCSI]. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [RFC2574] and the View- based Access Control Model RFC 2575 [RFC2575] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 9. References [ISCSI] Satran, J., et. al., "iSCSI", draft-ietf-ips-iSCSI-08, September 2001. [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. Bakke, Muchow Expires April 2002 [Page 58] Internet Draft iSCSI MIB October 2001 [RFC1215] M. Rose, "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999. [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999. [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999. [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Bakke, Muchow Expires April 2002 [Page 59] Internet Draft iSCSI MIB October 2001 Management Framework", RFC 2570, April 1999. [RFC2012] McCloghrie, K., "SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2", RFC 2012, November 1996. [RFC2851] Daniele, M., et. al., "Textual Conventions for Internet Network Addresses", RFC 2851, June 2000. [IPV6MIB] Daniele, M., et. al., "Textual Conventions for Internet Network Addresses", draft-ietf-ops-rfc2851-update-00.txt, February 2001 10. Authors' Addresses Mark Bakke Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: mbakke@cisco.com Marjorie Krueger Postal: Hewlett-Packard Networked Storage Architecture Networked Storage Solutions Org. 8000 Foothills Blvd. Roseville, CA USA 95747 Tel: +1 916-785-2656 Tel: +1 916-785-0391 Email: marjorie_krueger@hp.com Bakke, Muchow Expires April 2002 [Page 60] Internet Draft iSCSI MIB October 2001 Tom McSweeney Postal: IBM Corporation 600 Park Offices Drive Research Triangle Park, NC USA 27709 Tel: +1-919-254-5634 Fax: +1-919-254-0391 E-mail: rf42tpme@us.ibm.com Jim Muchow Postal: Cisco Systems, Inc 6450 Wedgwood Road, Suite 130 Maple Grove, MN USA 55311 Tel: +1 763-398-1000 Fax: +1 763-398-1001 E-mail: jmuchow@cisco.com" Bakke, Muchow Expires April 2002 [Page 61]